wip

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

Author: jkowalleck

cyclonedx/model/component_evidence.py

@@ -288,8 +288,8 @@ def __hash__(self) -> int:
 
     def __repr__(self) -> str:
         return f'<Identity field={self.field}, confidence={self.confidence},' \
-            f' concludedValue={self.concluded_value},' \
-            f' methods={self.methods}, tools={self.tools}>'
+               f' concludedValue={self.concluded_value},' \
+               f' methods={self.methods}, tools={self.tools}>'
 
 
 @serializable.serializable_class(ignore_unknown_during_deserialization=True)
@@ -768,6 +768,10 @@ def json_normalize(cls, o: ComponentEvidence, *,
 
     @classmethod
     def json_denormalize(cls, o: dict[str, Any], **__: Any) -> Any:
+        if isinstance(identity := o.get('identity', []), dict):
+            # Handle identity field which can be a dict (CycloneDX 1.5) or list of dicts (CycloneDX 1.6)
+            # Before passing to ComponentEvidence.from_json, ensure it's always a list
+            o = {**o, 'identity': [identity]}
         return ComponentEvidence.from_json(o)  # type:ignore[attr-defined]
 
     @classmethod

tests/_data/own/json/1.6/component_evidence_identity.json

@@ -127,3 +127,13 @@ def test_regression_issue690(self) -> None:
             json = json_loads(f.read())
         bom: Bom = Bom.from_json(json)  # <<< is expected to not crash
         self.assertIsNotNone(bom)
+
+    def test_component_evidence_identity(self) -> None:
+        """Since 1.8 it is allowed to have component evidence identity as a list or an object"""
+        json_file = join(OWN_DATA_DIRECTORY, 'json',
+                         SchemaVersion.V1_6.to_version(),
+                         'component_evidence_identity.json')
+        with open(json_file) as f:
+            json = json_loads(f.read())
+        bom: Bom = Bom.from_json(json)  # <<< is expected to not crash
+        self.assertIsNotNone(bom)

tests/test_deserialize_json.py

@@ -37,9 +37,9 @@ class TestModelComponentEvidence(TestCase):
     def test_no_params(self) -> None:
         ComponentEvidence()  # Does not raise `NoPropertiesProvidedException`
 
-    def test_identity(self) -> None:
+    def test_identity_single(self) -> None:
         identity = Identity(field=IdentityField.NAME, confidence=Decimal('1'), concluded_value='test')
-        ce = ComponentEvidence(identity=[identity])
+        ce = ComponentEvidence(identity=identity)
         self.assertEqual(len(ce.identity), 1)
         self.assertEqual(ce.identity.pop().field, 'name')
 
@@ -201,7 +201,6 @@ def test_not_same_1(self) -> None:
         self.assertNotEqual(hash(ce_1), hash(ce_2))
         self.assertFalse(ce_1 == ce_2)
 
-
 class TestModelCallStackFrame(TestCase):
 
     def test_fields(self) -> None: